SystemTeam: QG4 checks (Release 3.1)

[stephanbcbauer]

QG checks

Please keep this issue open until QG X is concluded and will be managed by the Issue Creator!
We will inform you about finding and proposals in separated issues, this issue here is for the Overview of the Checks!

Please keep this issue open until QG4 is concluded!

Product Name: tractusx-edc
Product Owner: Stefan Ettl
Dev SPOC:
Helm Chart Version: 0.3.3
App Version: 0.3.3
QG4 Approval: yes/no

TRG 1 Documentation

TRG 1.01

https://eclipse-tractusx.github.io/docs/release/trg-1/trg-1-1

• an appropriate README.md file

TRG 1.02

https://eclipse-tractusx.github.io/docs/release/trg-1/trg-1-2

• an appropriate INSTALL.md

TRG 1.03

https://eclipse-tractusx.github.io/docs/release/trg-1/trg-1-3

• an appropriate CHANGELOG.md
  • the versioning itself follows semantic versioning

TRG 2 Git

TRG 2.01

https://eclipse-tractusx.github.io/docs/release/trg-2/trg-2-1

• default branch is named main

TRG 2.03

https://eclipse-tractusx.github.io/docs/release/trg-2/trg-2-3

• /docs directory contains detailed product related documentation for the Tractus-X product
• /charts directory contains the Helm chart for the Tractus-X product IF available
• AUTHORS.md file (optional)
• CODE_OF_CONDUCT.md file
• CONTRIBUTING.md file
• DEPENDENCIES file(s) with up to date content (Dash tool generated)
• LICENSE file
• NOTICE.md file
• SECURITY.md file

TRG 2.04

https://eclipse-tractusx.github.io/docs/release/trg-2/trg-2-4

• a Leading product repository
• repository name must be productname without prefix or suffix
• should contain the release
• references/urls to the product's other repositories
• might contain product helm chart
• README.md: contains the urls for the backend and frontend applications

TRG 2.05

https://eclipse-tractusx.github.io/docs/release/trg-2/trg-2-5

• .tractusx metafile is present in the root of the repository #280
• file has a proper format

TRG 3 Kubernetes

TRG 3.02

https://eclipse-tractusx.github.io/docs/release/trg-3/trg-3-2

• if data persistence is needed in Kubernetes the use of PersistentVolume and PersistentVolumeClaim resource

TRG 4 container

TRG 4.01

https://eclipse-tractusx.github.io/docs/release/trg-4/trg-4-1

• All images must be tagged following semantic versioning
• container is labeled correctly additionally to the latest tag

TRG 4.02

https://eclipse-tractusx.github.io/docs/release/trg-4/trg-4-2

• must add a section to your top level README.md file, that contains information about the used base image
• Java, Kotlin, ... if JVM based language use base image from Eclipse Temurin

TRG 4.03

https://eclipse-tractusx.github.io/docs/release/trg-4/trg-4-3

• image has USER command to specify a non-root user to run the container
• deployment.yaml has runAsUser and allowPrivilegeEscalation: false properly set

TRG 4.05

https://eclipse-tractusx.github.io/docs/release/trg-4/trg-4-5

• released image must be present on GitHub Package registry or Dockerhub

TRG 5 Helm

TRG 5.01

https://eclipse-tractusx.github.io/docs/release/trg-5/trg-5-01

• Helm chart must be released
• appropriate semantic versioning for version and appVersion has to be used in Chart.yaml
• must not contain any environment specific values-xyz.yaml
• values.yaml file must contain proper default values/placeholders
• No hostname provided for ingress
• Ingress is disabled
• No references to any secret engine service (e.g.: Hashicorp Vault)
• Dependencies should be prefixed with the nameOverride and/or fullnameOverride properties
• Image tag is set to the Chart.yaml appVersion property
• Chart does not provide fallback image that is used, if no further config done #283
• dependencies have to be declared in Chart.yaml NOT requirements.yml

TRG 5.02

https://eclipse-tractusx.github.io/docs/release/trg-5/trg-5-02

• Helm chart location inside Git repository in /charts directory
• chart file structure

charts/ 
    chartNameA/
      Chart.yaml
      ... 
    chartNameB/
      Chart.yaml
      ...
AUTHORS.md 
DEPENDENCIES.md 
LICENCE 
README.md 

• Chart templates of 0.3.3 tag miss license and copyright header #284
• latest tag is not used in helm chart be default

TRG 5.04

https://eclipse-tractusx.github.io/docs/release/trg-5/trg-5-04

• CPU and memory limits and requests are properly set

TRG 5.06

https://eclipse-tractusx.github.io/docs/release/trg-5/trg-5-06

• every startup configuration aspect of your application must be configurable through the Helm chart (ingress class, tls, labels, annotations, database, secrets, persistence, env variables)

TRG 5.07

https://eclipse-tractusx.github.io/docs/release/trg-5/trg-5-07

• if dependencies are present in the Chart.yaml they are properly configured

TRG 5.08

https://eclipse-tractusx.github.io/docs/release/trg-5/trg-5-08

• a product has a single deployable helm chart that contains all components (backend, frontend, etc.)
• name of the Chart should be just the product-name without prefix or suffix
• values file should contain all available variables (even from subcharts) with default values and comments about what they do
• helm install command should successfully install the chart to any supported Kubernetes version cluster (without overwriting default values)
• helm test runs without errors

Testing

• installed and running on pre-prod without errors

Hints

Information Sharing

[SebastianBezold]

Hi @stephanbcbauer,
you mentioned the Chart version 0.3.3 in your description. I can see that the appVersion in that Chart is also 0.3.3. I guess also the tag 0.3.3 is the one, that the release was built from, right?

[SebastianBezold]

Hi @stephanbcbauer, could you please help me out on the 'link to other repositories' part. AFAIK, the tractusx-edc is the only repository maintained by your team in eclipse-tractusx right? Like the connector components, but if I'm not mistaken, they are not part of the eclipse-tractusx org right?
If there would be related repos/products (not talking about products depending on the tractusx-edc), then we have a guideline on how you should 'link' them via metadata file: https://eclipse-tractusx.github.io/docs/release/trg-2/trg-2-5

[SebastianBezold]

Hi @stephanbcbauer, could you please help me out on the 'link to other repositories' part. AFAIK, the tractusx-edc is the only repository maintained by your team in eclipse-tractusx right? Like the connector components, but if I'm not mistaken, they are not part of the eclipse-tractusx org right? If there would be related repos/products (not talking about products depending on the tractusx-edc), then we have a guideline on how you should 'link' them via metadata file: https://eclipse-tractusx.github.io/docs/release/trg-2/trg-2-5

I created #280 , since the file itself is not present. It should anyways be present, even if there are no supporting repositories other that this one here. This metadata file will be used in upcoming automation

[SebastianBezold]

General remark @stephanbcbauer:
I am not sure about the state of your DEPENDENCIES. Can you please check, if it is out of date? There are restricted dependencies listed, that might be approved in the meantime. Can you do another dash run to update the restricted dependencies and see, if there are new IP checks necessary? I could also create an issue for that if you want to track it separately

[stephanbcbauer]

General remark @stephanbcbauer: I am not sure about the state of your DEPENDENCIES. Can you please check, if it is out of date? There are restricted dependencies listed, that might be approved in the meantime. Can you do another dash run to update the restricted dependencies and see, if there are new IP checks necessary? I could also create an issue for that if you want to track it separately

@SebastianBezold not sure if you have a template for this issue. But it would be really cool to create an issue for that. thx

[stephanbcbauer]

Hi @stephanbcbauer, you mentioned the Chart version 0.3.3 in your description. I can see that the appVersion in that Chart is also 0.3.3. I guess also the tag 0.3.3 is the one, that the release was built from, right?

@SebastianBezold yes that's correct

[SebastianBezold]

General remark @stephanbcbauer: I am not sure about the state of your DEPENDENCIES. Can you please check, if it is out of date? There are restricted dependencies listed, that might be approved in the meantime. Can you do another dash run to update the restricted dependencies and see, if there are new IP checks necessary? I could also create an issue for that if you want to track it separately

@SebastianBezold not sure if you have a template for this issue. But it would be really cool to create an issue for that. thx

No template yet, but I'll think of one. For now i did a blank issue #281 . In case there are any questions, feel free to reach out. If you will encounter 'does require further investigation' hints from dash, either myself or any other committer can create the IP issues for you

[stephanbcbauer]

@SebastianBezold which branch is here under test? Is it main? Or release? @tuncaytunc-zf fyi

[stephanbcbauer]

@tuncaytunc-zf just a summary (by @SebastianBezold ) because I don't know right now which should be fixed with the new release 0.3.4:

1. Almost all checks passed.
2. released Chart for version 0.3.3 does not start up -> should be fixed in a new bugfix release (Chart version bump would be enough appVersion can stay untouched)
3. Unclear how to proceed with "out of date" legal docs. DEPENDENCIES out of date and in the release do contain restricted libs, wich would be ok for development, but not for release
4. Some license and copyright headers are missing in the released tag, since ~80% are present, we could argue, that we did our due diligence and just missed out on some. Should be fixed on latest main though

---

2. is this fixed with the new release?
3. die we already follow the process here? generating IP tickets aso? does this solve the issue?
4. this should be an easy fix?

thx

[SebastianBezold]

@tuncaytunc-zf just a summary (by @SebastianBezold ) because I don't know right now which should be fixed with the new release 0.3.4:

1. Almost all checks passed.

2. released Chart for version 0.3.3 does not start up -> should be fixed in a new bugfix release (Chart version bump would be enough appVersion can stay untouched)

3. Unclear how to proceed with "out of date" legal docs. DEPENDENCIES out of date and in the release do contain restricted libs, wich would be ok for development, but not for release

4. Some license and copyright headers are missing in the released tag, since ~80% are present, we could argue, that we did our due diligence and just missed out on some. Should be fixed on latest main though

5. is this fixed with the new release?

6. die we already follow the process here? generating IP tickets aso? does this solve the issue?

7. this should be an easy fix?

thx

Hi @stephanbcbauer and @tuncaytunc-zf,
details on
2. -> The logic to select the image to use based on config does not resolve to a valid image. This results in cannot choose control-plane image automatically based on configuration errors, if there is no further config. We aim for working defaults, so anyone could at least try out the Chart in a basic config without much effort.
3. -> If you are creating a 0.3.4 release, this should be easy to include. From a release point of view. Every used 3rd party dependency must be listed in the DEPENDENCIES and every lib has to be approved by the EF.

[stephanbcbauer]

@SebastianBezold, @Siegfriedk could you please check again the following requirements

1. TRG 2.03 DEPENDENCIES file(s) with up-to-date content (Dash tool generated) -> was generated again, missing IP requests were created -> no rejected LIBS anymore
2. TRG 2.05 file has a proper format -> file was created -> format should be fine
3. TRG 5.08 helm install command should successfully install the chart to any supported Kubernetes version cluster (without overwriting default values) -> not possible on our side (because we are using daps) and therefore certificates are needed. But we adapted the documentation docs: add more documentation to the helm charts  #352 how to use/generate the needed parameters.
4. TRG 5.08 helm test runs without errors -> related to 3.
5. installed and running on pre-prod without errors -> can you try this again?

add on "> The logic to select the image to use based on config does not resolve to a valid image. This results in cannot choose control-plane image automatically based on configuration errors, if there is no further config. We aim for working defaults, so anyone could at least try out the Chart in a basic config without much effort." -> now there is a default image used if no image is selected

@paullatzelsperger , @stefan-ettl FYI -> If these requirements are fulfilled now, we can create the new release 0.3.4

[Siegfriedk]

@stephanbcbauer if you use daps, you should pull daps in as a default dependency

[stephanbcbauer]

@SebastianBezold @Siegfriedk @paullatzelsperger i think this issue can be closed? i am just wondering what happend with the "open" tasks? Are there still ongoing discussions related to the provided helm charts?

[Siegfriedk]

@stephanbcbauer no clue and i don't mind closing it. We discussed all critical things together, i assume you are aware of our trgs and we will do a new review with 3.2.